Apache Archiva is prone to multiple remote command-execution vulnerabilities.
Successful exploits will allow remote attackers to execute arbitrary commands within the context of the affected application.
Ask the vendor for an update.
Apache Archiva uses Apache Struts2: "In Struts 2 before 18.104.22.168 the information following 'action:', 'redirect:' or 'redirectAction:' is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code."
Apache Archiva <= 1.3.6
Send a specially crafted HTTP GET request and check the response.
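A log-review counterpart to the check above, added here as an example and not taken from the original advisory or from any scanner: it flags GET requests whose parameter names start with one of the three prefixes quoted from the Struts advisory. The log lines, paths and addresses are constructed, and treating `${` or `%{` as the sign of an expression is an assumption of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter-name prefixes named in the quoted Struts advisory text.
PREFIXES = ("action:", "redirect:", "redirectAction:")
# Assumption: "${" or "%{" after the prefix marks an expression, not an action name.
EXPR_MARKERS = ("${", "%{")
# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def classify_target(target):
    """Return (prefix, verdict) for the first prefixed parameter, else None."""
    query = urlsplit(target).query
    # keep_blank_values: the prefixed parameter often arrives without "=value".
    for name, value in parse_qsl(query, keep_blank_values=True):
        for prefix in PREFIXES:
            if name.startswith(prefix):
                rest = name[len(prefix):] + "=" + value
                hit = any(marker in rest for marker in EXPR_MARKERS)
                return prefix, "expression" if hit else "plain"
    return None

def scan(log_lines):
    """Return (line number, method, prefix, verdict) for each flagged request."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        result = classify_target(match.group("target"))
        if result:
            findings.append((lineno, match.group("method"), *result))
    return findings

# Constructed sample log: documentation addresses, placeholder expression bodies.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2014:10:00:00 +0000] "GET /archiva/index.action HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2014:10:00:05 +0000] "GET /archiva/login.action?action:login=Go HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2014:10:01:00 +0000] "GET /archiva/index.action?redirect:%24%7BCONSTRUCTED%7D HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Jan/2014:10:01:02 +0000] "GET /archiva/index.action?redirectAction:%25%7BCONSTRUCTED%7D HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "plain" verdict can be ordinary application traffic, so triage the "expression" findings first. Parameters sent in a POST body do not appear in an access log and need request-body logging or a proxy to be covered.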